{
    "DisabledTests": {
        "### These tests break whenever we rev versions, so just leave them here for easy uncommenting":"",
        "SendWarningAlerts-Pass":"BoringSSL updated",
        "SendBogusAlertType":"BoringSSL updated",
        "SendEmptyRecords-Pass":"BoringSSL updated",
        "ExtraCompressionMethods-TLS12":"BoringSSL updated",
        "SendSNIWarningAlert":"BoringSSL updated",
        "NoNullCompression-TLS12":"BoringSSL updated",
        "InvalidCompressionMethod":"BoringSSL updated",
        "SupportTicketsWithSessionID":"BoringSSL updated",
        "NoSharedCipher":"BoringSSL updated",
        "ServerHelloBogusCipher":"BoringSSL updated",
        "ClientHelloVersionTooHigh":"BoringSSL updated",
        "ServerAuth-SignatureType":"BoringSSL updated",
        "ECDSACurveMismatch-Verify-TLS12":"BoringSSL updated",
        "UnknownExtension-Client":"BoringSSL updated",
        "UnofferedExtension-Client":"BoringSSL updated",
        "SendClientVersion-RSA":"BoringSSL updated",
        "SupportedCurves-ServerHello-TLS12":"BoringSSL updated",
        "Basic-Client*Sync":"BoringSSL updated",
        "Resume-Client-CipherMismatch":"BoringSSL updated",
        "ClientAuth-SignatureType":"BoringSSL updated",
        "Agree-Digest-Default":"BoringSSL updated",
        "Basic-Server*Sync":"BoringSSL updated",
        "ClientAuth-*-Sync":"BoringSSL updated",
        "RSA-PSS-Default*":"BoringSSL updated",
        "Renegotiate-Server-NoExt*":"BoringSSL updated",
        "Downgrade-TLS12*":"BoringSSL updated",
        "MaxCBCPadding":"BoringSSL updated",
        "UnknownCipher":"BoringSSL updated",
        "LargeMessage":"BoringSSL updated",
        "NoCommonCurves":"BoringSSL updated",
        "UnknownCurve":"BoringSSL updated",
        "SessionTicketsDisabled*":"BoringSSL updated",
        "BadFinished-*":"BoringSSL updated",
        "ServerSkipCertificateVerify":"BoringSSL updated",
        "*VersionTolerance":"BoringSSL updated",
        "ConflictingVersionNegotiation*":"BoringSSL updated",
        "Ed25519DefaultDisable*":"BoringSSL updated",
        "*SHA1-Fallback*":"BoringSSL updated",
        "ExtendedMasterSecret-NoToNo*":"BoringSSL updated",
        "ServerNameExtensionClientMissing*":"BoringSSL updated",
        "NoClientCertificate*":"BoringSSL updated",
        "ServerCipherFilter*":"BoringSSL updated",
        "*FallbackSCSV*":"BoringSSL updated",
        "LooseInitialRecordVersion*":"BoringSSL updated",
        "ALPNClient*":"BoringSSL updated",
        "MinimumVersion*":"BoringSSL updated",
        "VersionNegotiation*":"BoringSSL updated",
        "*Client-ClientAuth*":"BoringSSL updated",
        "*Server-ClientAuth*":"BoringSSL updated",
        "NoExtendedMasterSecret*":"BoringSSL updated",
        "PointFormat*":"BoringSSL updated",
        "*Sync-SplitHandshakeRecords*":"BoringSSL updated",
        "*Sync-PackHandshakeFlight*":"BoringSSL updated",
        "TicketSessionIDLength*":"BoringSSL updated",
        "*LargeRecord*":"BoringSSL updated",
        "WrongMessageType-NewSessionTicket":"BoringSSL updated",
        "WrongMessageType*Certificate*":"BoringSSL updated",
        "WrongMessageType*Client*":"BoringSSL updated",
        "WrongMessageType*Server*":"BoringSSL updated",
        "WrongMessageType*DTLS":"BoringSSL updated",
        "GarbageCertificate*":"BoringSSL updated",
        "EmptyExtensions*":"BoringSSL updated",
        "*OmitExtensions*":"BoringSSL updated",
        "SupportedVersionSelection-TLS12":"Should maybe reject TLS 1.2 in SH.supported_versions (Bug 1438266)",
        "*TLS13*":"(NSS=19, BoGo=18)",
        "*HelloRetryRequest*":"(NSS=19, BoGo=18)",
        "*KeyShare*":"(NSS=19, BoGo=18)",
        "*EncryptedExtensions*":"(NSS=19, BoGo=18)",
        "*SecondClientHello*":"(NSS=19, BoGo=18)",
        "*IgnoreClientVersionOrder*":"(NSS=19, BoGo=18)",
        "SkipEarlyData*":"(NSS=19, BoGo=18)",
        "*Binder*":"(NSS=19, BoGo=18)",
        "Resume-Server-BinderWrongLength":"Alert disagreement (Bug 1317633)",
        "Resume-Server-NoPSKBinder":"Alert disagreement (Bug 1317633)",
        "CheckRecordVersion-TLS*":"Bug 1317634",
        "GREASE-Server-TLS13":"BoringSSL GREASEs without a flag, but we ignore it",
        "TLS13-ExpectNoSessionTicketOnBadKEMode-Server":"Bug in NSS. Don't send ticket when not permitted by KE modes (Bug 1317635)",
        "*KeyUpdate*":"KeyUpdate Unimplemented",
        "ClientAuth-NoFallback-TLS13":"Disagreement about alerts. Bug 1294975",
        "SendWarningAlerts-TLS13":"NSS needs to trigger on warning alerts",
        "NoSupportedCurves":"This tests a non-spec behavior for TLS 1.2 and expects the wrong alert for TLS 1.3",
        "SendEmptyRecords":"Tests a non-spec behavior in BoGo where it chokes on too many empty records",
        "LargePlaintext":"NSS needs to check for over-long records. Bug 1294978",
        "TLS13-RC4-MD5-server":"This fails properly but returns an unexpected error. Not a bug but needs cleanup",
        "*SSL3*":"NSS disables SSLv3",
        "*SSLv3*":"NSS disables SSLv3",
        "*AES256*":"Inconsistent support for AES256",
        "*AES128-SHA256*":"No support for Suite B ciphers",
        "DuplicateExtension*":"NSS sends unexpected_extension alert",
        "WeakDH":"NSS supports 768-bit DH",
        "SillyDH":"NSS supports 4097-bit DH",
        "SendWarningAlerts":"This appears to be Boring-specific",
        "TLS12-AES128-GCM-client":"Bug 1292895",
        "*TLS12-AES128-GCM-LargeRecord*":"Bug 1292895",
        "Renegotiate-Client-Forbidden-1":"Bug 1292898",
        "Renegotiate-Server-Forbidden":"NSS doesn't disable renegotiation by default",
        "Renegotiate-Client-NoIgnore":"NSS doesn't disable renegotiation by default",
        "StrayHelloRequest*":"NSS doesn't disable renegotiation by default",
        "NoSupportedCurves-TLS13":"wanted SSL_ERROR_NO_CYPHER_OVERLAP, got missing extension error",
        "FragmentedClientVersion":"received a malformed Client Hello handshake message",
        "UnofferedExtension-Client-TLS13":"nss updated/broken",
        "UnknownExtension-Client-TLS13":"nss updated/broken",
        "WrongMessageType-TLS13-EncryptedExtensions":"nss updated/broken",
        "WrongMessageType-TLS13-CertificateRequest":"nss updated/broken",
        "WrongMessageType-TLS13-ServerCertificateVerify":"nss updated/broken",
        "WrongMessageType-TLS13-ServerCertificate":"nss updated/broken",
        "WrongMessageType-TLS13-ServerFinished":"nss updated/broken",
        "EncryptedExtensionsWithKeyShare":"nss updated/broken",
        "EmptyEncryptedExtensions":"nss updated/broken",
        "TrailingMessageData-*": "Bug 1304575",
        "DuplicateKeyShares":"Bug 1304578",
        "Resume-Server-TLS13-TLS13":"Bug 1314351",
        "SkipEarlyData-Interleaved":"Bug 1336916",
        "ECDSAKeyUsage-TLS1*":"Bug 1338194",
        "PointFormat-Client-MissingUncompressed":"We ignore ec_point_formats extensions sent by servers.",
        "SkipEarlyData-SecondClientHelloEarlyData":"Boring doesn't reject early_data in the 2nd CH but fails later with bad_record_mac.",
        "SkipEarlyData-*TooMuchData":"Bug 1339373",
        "UnsolicitedServerNameAck-TLS1*":"Boring wants us to fail with an unexpected_extension alert, we simply ignore ssl_server_name_xtn.",
        "RequireAnyClientCertificate-TLS1*":"Bug 1339387",
        "SendExtensionOnClientCertificate-TLS13":"Bug 1339392",
        "ALPNClient-Mismatch-TLS13":"NSS sends alerts in response to errors in protected handshake messages in the clear",
        "P224-Server":"NSS doesn't support P-224"
    },
    "ErrorMap" : {
        ":HANDSHAKE_FAILURE_ON_CLIENT_HELLO:":"SSL_ERROR_NO_CYPHER_OVERLAP",
        ":UNKNOWN_CIPHER_RETURNED:":"SSL_ERROR_NO_CYPHER_OVERLAP",
        ":OLD_SESSION_CIPHER_NOT_RETURNED:":"SSL_ERROR_RX_MALFORMED_SERVER_HELLO",
        ":NO_SHARED_CIPHER:":"SSL_ERROR_NO_CYPHER_OVERLAP",
        ":DIGEST_CHECK_FAILED:":"SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE"
    }
}